package com.gao.shiro.demo.config;

import com.gao.shiro.demo.pojo.User;
import com.gao.shiro.demo.service.UserService;
import com.gao.shiro.demo.sessionfilter.JwtToken;
import commonjwt.JwtUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

import javax.annotation.Resource;
import java.util.Objects;

/**
 * @author gaofeng
 * @date 2022年06月29日 23:21
 */
public class UserRealm extends AuthorizingRealm {

    @Resource
    private UserService userService ;

    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JwtToken;
    }

    /**
     * 授权
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("============执行授权=============");
        String user = JwtUtils.getInfoFromToken(principalCollection.toString());
        // 查库
        User user1 = userService.getUser(user);
        SimpleAuthorizationInfo authenticationInfo = new SimpleAuthorizationInfo() ;
//        authenticationInfo.addStringPermission("user:add");
        // 设置当前用户的权限
//        Subject subject = SecurityUtils.getSubject();
//        User currUser = (User) subject.getPrincipal();
//        authenticationInfo.addStringPermission(currUser.getPerms());
        // 从数据库获取的角色和权限
        authenticationInfo.addRole(user1.getPerms());
        authenticationInfo.addStringPermission(user1.getPerms());
        return authenticationInfo;
    }

    /**
     * 认证
     * @param authenticationToken
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("============执行认证=============");
        // 获取从JwtUtils的executetLogin方法传来的token
        String token = (String) authenticationToken.getCredentials();
        // 解密
        String user = JwtUtils.getInfoFromToken(token);
        User user1 = userService.getUser(user);
        if (StringUtils.isEmpty(user) || !JwtUtils.verifyToken(token, user)) {
            throw new AuthenticationException("token 认证失败！") ;
        }
        if (Objects.isNull(user1)) {
            throw new AuthenticationException("账号或密码错误！") ;
        }
        if (1 == user1.getId()) {
            throw new AuthenticationException("该用户已被封号");
        }
        return new SimpleAuthenticationInfo(token, token, getName());
       /* UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        User userToken = userService.getUser(usernamePasswordToken.getUsername());
        // 数据库中
//        String userName = "root" ;
//        String passWord = "123456" ;
        User user = userService.getUser(userToken.getUsername());

        if (Objects.isNull(user)) {
            return null;
        }
        // 可以加密 MD5加密 MD5盐值加密
        // 密码认证，shiro做
        return new SimpleAuthenticationInfo(user, user.getPassword(), "");*/
    }
}
